def execute(self, **options):
aciname = u'Enable Anonymous access'
aciprefix = u'none'
ldap = self.obj.backend
targetfilter = '(&(!(objectClass=ipaToken))(!(objectClass=ipatokenTOTP))(!(objectClass=ipatokenRadiusConfiguration)))'
filter = None
(dn, entry_attrs) = ldap.get_entry(api.env.basedn, ['aci'])
acistrs = entry_attrs.get('aci', [])
acilist = aci._convert_strings_to_acis(entry_attrs.get('aci', []))
try:
rawaci = aci._find_aci_by_name(acilist, aciprefix, aciname)
except errors.NotFound:
root_logger.error('Anonymous ACI not found, cannot update it')
return False, False, []
attrs = rawaci.target['targetattr']['expression']
rawfilter = rawaci.target.get('targetfilter', None)
if rawfilter is not None:
filter = rawfilter['expression']
update_attrs = deepcopy(attrs)
needed_attrs = []
for attr in ('ipaNTTrustAuthOutgoing', 'ipaNTTrustAuthIncoming'):
if attr not in attrs:
needed_attrs.append(attr)
update_attrs.extend(needed_attrs)
if (len(attrs) == len(update_attrs) and
filter == targetfilter):
root_logger.debug("Anonymous ACI already update-to-date")
return (False, False, [])
for tmpaci in acistrs:
candidate = ACI(tmpaci)
if rawaci.isequal(candidate):
acistrs.remove(tmpaci)
break
if len(attrs) != len(update_attrs):
root_logger.debug("New Anonymous ACI attributes needed: %s",
needed_attrs)
rawaci.target['targetattr']['expression'] = update_attrs
if filter != targetfilter:
root_logger.debug("New Anonymous ACI targetfilter needed.")
rawaci.set_target_filter(targetfilter)
acistrs.append(unicode(rawaci))
entry_attrs['aci'] = acistrs
try:
ldap.update_entry(dn, entry_attrs)
except Exception, e:
root_logger.error("Failed to update Anonymous ACI: %s" % e)
def get_anonymous_read_aci(self, ldap):
aciname = u'Enable Anonymous access'
aciprefix = u'none'
base_entry = ldap.get_entry(self.api.env.basedn, ['aci'])
acistrs = base_entry.get('aci', [])
acilist = aci._convert_strings_to_acis(acistrs)
try:
return aci._find_aci_by_name(acilist, aciprefix, aciname)
except errors.NotFound:
return None
def get_anonymous_read_aci(self, ldap):
aciname = u'Enable Anonymous access'
aciprefix = u'none'
base_entry = ldap.get_entry(self.api.env.basedn, ['aci'])
acistrs = base_entry.get('aci', [])
acilist = aci._convert_strings_to_acis(acistrs)
try:
return aci._find_aci_by_name(acilist, aciprefix, aciname)
except errors.NotFound:
return None
def execute(self, **options):
aciname = u'Enable Anonymous access'
aciprefix = u'none'
ldap = self.obj.backend
(dn, entry_attrs) = ldap.get_entry(api.env.basedn, ['aci'])
acistrs = entry_attrs.get('aci', [])
acilist = aci._convert_strings_to_acis(entry_attrs.get('aci', []))
rawaci = aci._find_aci_by_name(acilist, aciprefix, aciname)
attrs = rawaci.target['targetattr']['expression']
update_attrs = deepcopy(attrs)
needed_attrs = []
for attr in ('ipaNTTrustAuthOutgoing', 'ipaNTTrustAuthIncoming'):
if attr not in attrs:
needed_attrs.append(attr)
update_attrs.extend(needed_attrs)
if len(attrs) == len(update_attrs):
root_logger.debug("Anonymous ACI already update-to-date")
return (False, False, [])
else:
root_logger.debug("New Anonymous ACI attributes needed: %s",
needed_attrs)
for tmpaci in acistrs:
candidate = ACI(tmpaci)
if rawaci.isequal(candidate):
acistrs.remove(tmpaci)
break
rawaci.target['targetattr']['expression'] = update_attrs
acistrs.append(unicode(rawaci))
entry_attrs['aci'] = acistrs
try:
ldap.update_entry(dn, entry_attrs)
except Exception, e:
root_logger.error("Failed to update Anonymous ACI: %s" % e)
